Linksys Routers Vulnerable to DDoS Attacks

Flaws in the routers' firmware could let hackers access configuration settings and execute remote commands. Linksys said it's working on a patch.

Linksys this week identified several vulnerabilities in its router firmware that allow hackers to bypass authentication and perform denial of service (DoS) attacks.

The company said it is working on a fix for the vulnerabilities, which were discovered by security researchers at IOActive in January and affect more than two dozen models of Linksys wireless routers in the WRT and EAxxx series.

"Two of the security issues we identified allow unauthenticated attackers to create a Denial-of-Service (DoS) condition on the router," IOActive researcher Tao Sauvage wrote in a blog post. "By sending a few requests or abusing a specific API, the router becomes unresponsive and even reboots. The Admin is then unable to access the web admin interface and users are unable to connect until the attacker stops the DoS attack."

Sauvage said that "11 percent of the active devices exposed were using default credentials, making them particularly susceptible to an attacker easily authenticating and potentially turning the routers into bots, similar to what happened in last year's Mirai Denial of Service (DoS) attacks."

Linksys published a full list of the router models that are affected, and suggested that owners change the default password for their administrator account. The company said it is working to provide a firmware update for all of the affected models, but didn't offer details on when it would be ready.

About the Author

Tom is PCMag's San Francisco-based news reporter. He got his start in technology journalism by reviewing the latest hard drives, keyboards, and much more for PCMag's sister site, Computer Shopper. As a freelancer, he's written on topics as diverse as Borneo's rain forests, Middle Eastern airlines, and big data's role in presidential elections. A graduate of Middlebury College, Tom also has a master's degree in journalism from New York University. Follow him on Twitter @branttom.